[Secure-testing-commits] r14272 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Mar 15 21:14:24 UTC 2010


Author: joeyh
Date: 2010-03-15 21:14:24 +0000 (Mon, 15 Mar 2010)
New Revision: 14272

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-15 19:59:24 UTC (rev 14271)
+++ data/CVE/list	2010-03-15 21:14:24 UTC (rev 14272)
@@ -956,8 +956,7 @@
 	RESERVED
 CVE-2010-0625
 	RESERVED
-CVE-2010-0624 [heap overflow in rmt implementation of tar/cpio]
-	RESERVED
+CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in ...)
 	- cpio 2.11-1 (low)
 	- tar 1.23-1 (low)
 	[lenny] - cpio <no-dsa> (Minor issue)
@@ -1559,8 +1558,7 @@
 	RESERVED
 	- php5 5.3.2-1 (medium; bug #573573)
 	NOTE: sent mail to oss-sec notifying about the id
-CVE-2010-0396 [dpkg path traversal]
-	RESERVED
+CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...)
 	{DSA-2011-1}
 	- dpkg 1.15.6
 CVE-2010-0395
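Review bot: the context line `- dpkg 1.15.6` under CVE-2010-0396 carries no urgency and no bug reference, unlike the php5 entry just above it (`medium; bug #573573`). Since the entry already references DSA-2011-1 and now has its official description, this would be a good moment to add an urgency so the entry sorts correctly in triage.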
@@ -2400,12 +2398,12 @@
 	RESERVED
 CVE-2010-0125
 	RESERVED
-CVE-2010-0124
-	RESERVED
-CVE-2010-0123
-	RESERVED
-CVE-2010-0122
-	RESERVED
+CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the ...)
+	TODO: check
+CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 ...)
+	TODO: check
+CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software ...)
+	TODO: check
 CVE-2010-0121
 	RESERVED
 CVE-2010-0120
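Review bot: the three new `TODO: check` markers on CVE-2010-0124, CVE-2010-0123 and CVE-2010-0122 all concern the same product, Employee Timeclock Software 0.99, so they should be resolved together rather than one at a time. If the software turns out not to be packaged, mark all three NOT-FOR-US in the style used elsewhere in this list; otherwise add a package line to each.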
@@ -3160,36 +3158,36 @@
 	RESERVED
 	- xar <unfixed> (bug #572556)
 	[lenny] - xar <no-dsa> (Minor issue)
-CVE-2010-0054
-	RESERVED
-CVE-2010-0053
-	RESERVED
-CVE-2010-0052
-	RESERVED
-CVE-2010-0051
-	RESERVED
-CVE-2010-0050
-	RESERVED
-CVE-2010-0049
-	RESERVED
-CVE-2010-0048
-	RESERVED
-CVE-2010-0047
-	RESERVED
-CVE-2010-0046
-	RESERVED
-CVE-2010-0045
-	RESERVED
-CVE-2010-0044
-	RESERVED
-CVE-2010-0043
-	RESERVED
-CVE-2010-0042
-	RESERVED
-CVE-2010-0041
-	RESERVED
-CVE-2010-0040
-	RESERVED
+CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+	TODO: check
+CVE-2010-0053 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+	TODO: check
+CVE-2010-0052 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+	TODO: check
+CVE-2010-0051 (WebKit in Apple Safari before 4.0.5 does not properly validate the ...)
+	TODO: check
+CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+	TODO: check
+CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+	TODO: check
+CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+	TODO: check
+CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
+	TODO: check
+CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
+	TODO: check
+CVE-2010-0045 (Apple Safari before 4.0.5 on Windows does not properly validate ...)
+	TODO: check
+CVE-2010-0044 (PubSub in Apple Safari before 4.0.5 does not properly implement use of ...)
+	TODO: check
+CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 on Windows allows remote ...)
+	TODO: check
+CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that ...)
+	TODO: check
+CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that ...)
+	TODO: check
+CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows ...)
+	TODO: check
 CVE-2010-0039
 	RESERVED
 CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for ...)
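Review bot: the fifteen entries CVE-2010-0054 through CVE-2010-0040 all receive the same `TODO: check`, but they fall into two groups that need different handling. The WebKit entries (CVE-2010-0054 through CVE-2010-0046) need checking against any packaged WebKit code, and because several of them share an identical truncated description ("Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ..."), they cannot be told apart from this list and must be triaged against the full CVE text. The entries described as Safari "on Windows" or as ImageIO, ColorSync or PubSub in Apple Safari (CVE-2010-0045 through CVE-2010-0040) look like NOT-FOR-US candidates and could be closed quickly once confirmed.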
@@ -4159,8 +4157,8 @@
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...)
 	NOT-FOR-US: Adobe Shockwave Player
-CVE-2009-4001
-	RESERVED
+CVE-2009-4001 (Integer overflow in XnView before 1.97.2 might allow remote attackers ...)
+	TODO: check
 CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP ...)
 	NOT-FOR-US: HP Power Manager
 CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power ...)
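Review bot: CVE-2009-4001 (XnView before 1.97.2) is left at `TODO: check` while every neighbouring entry in this hunk is already resolved as NOT-FOR-US. Resolve it in the same pass: either add a NOT-FOR-US line naming XnView, or a package line if the affected code is packaged.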



